Caveat Vendor

The CFPB has issued a Final Rule regulating arbitration agreements in contracts for certain consumer financial products and services. The Final Rule applies to providers of certain consumer financial products and services in the core markets of lending money, storing money, and moving or exchanging money.

The Washington State Attorney General’s over two-year pursuit of the makers of the 5-Hour Energy drink ended last week with a court judgment of nearly $4.3 million for violations of the state Consumer Protection Act.

You’d think the first casino magnate as president would have the U.S. gaming industry rejoicing, but there is one segment of the industry that likely is holding its collective breath – the internet gambling sector.

Eight years after being signed into law, California’s menu labeling law will finally go into effect on December 1, 2016. While FDA has delayed enforcement of the federal menu labeling standard until May 5, 2017, California’s Department of Public Health confirms that local health departments may begin inspecting restaurants subject to the statewide standard as early as December 1, 2016.

With the European Commission’s (“EC”) approval of the U.S.-EU Privacy Shield Framework (“Privacy Shield) on July 12, 2016, many companies are rushing to self-certify to the new compliance mechanism for personal data transfers from Europe to the United States. By certifying in the first two months – by September 30, 2016 – organizations can take advantage of a nine-month grace period from the date they certify to bring their existing commercial relationships and agreements with third parties into conformity with the Accountability for Onward Transfer Principle.

On June 28, 2016, Public Knowledge petitioned the FCC for an emergency stay of the usage of spectrum by devices that enable vehicle-to-vehicle and vehicle-to-infrastructure communications until the FCC adopts adequate cyber security and data privacy rules for such devices. The impending implementation of vehicle-to-vehicle devices prompted Public Knowledge to file its petition

The Safe Harbor provision has finally set sail. On Monday, the Hamburg Data Protection Authority (“Hamburg DPA”) announced that it has fined three companies an aggregate total of €28,000 ($31,928) for continuing to operate under the U.S.-E.U. Safe Harbor Framework. This is the first enforcement action by any European country since the European Court of Justice (“CJEU”) invalidated the Safe Harbor last October.

On March 2, the Consumer Financial Protection Bureau (the “Bureau”) announced enforcement action against online payment processor, Dwolla Inc. (“Dwolla”). This is the Bureau’s first enforcement action related to data security pursuant to its authority to prohibit unfair, deceptive, and abusive acts and practices (“UDAAP”).

Congress has taken a critical step in implementing its obligations under the recently announced EU-U.S. Privacy Shield through Wednesday night’s passage of the Judicial Redress Act in the House of Representatives.